Lucene search
K

353 matches found

OSV
OSV
added 2026/07/07 12:3 a.m.9 views

RLSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References14
OSV
OSV
added 2026/07/06 12:0 a.m.8 views

ALSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS7.1AI score0.02806EPSS
Exploits1References28
OSV
OSV
added 2026/06/30 12:0 a.m.5 views

ALSA-2026:33412 Important: galera and mariadb11.8 security, bug fix, and enhancement update

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...

10CVSS6.3AI score0.00998EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

RHEL 8 : mariadb:10.11 (RHSA-2026:33464)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33464 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mariadb: MariaDB Server:...

10CVSS6.5AI score0.00998EPSS
Exploits0References14
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS0.01029EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 8:21 p.m.31 views

CVE-2026-52806

Gogs is affected by CVE-2026-52806: an authenticated user can trigger remote code execution during the Rebase before merging workflow by crafting a pull request with a malicious base branch name that injects the --exec flag into git rebase. Root cause: the Merge() path in internal/database/pull.g...

9.9CVSS6AI score0.01029EPSS
In wildExploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:21 p.m.7 views

CVE-2026-52806

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS6AI score0.01029EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/24 8:21 p.m.30 views

CVE-2026-52806 Gogs: RCE via git rebase --exec argument injection in pull request merge

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS0.01029EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:21 p.m.3 views

CVE-2026-52806 Gogs: RCE via git rebase --exec argument injection in pull request merge

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase before...

9.9CVSS6.1AI score0.01029EPSS
Exploits0References6
OSV
OSV
added 2026/06/23 5:2 p.m.8 views

GHSA-QF6P-P7WW-CWR9 Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge Summary Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

9.9CVSS6.3AI score0.01029EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:2 p.m.33 views

Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge Summary Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

9.9CVSS6.3AI score0.01029EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51624

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description Authenticated users can achieve Remote Code Execution RCE on the server during the "Rebase before merging" operation in pull requests. The issue stems from improper argument handling where the base...

9.9CVSS6.2AI score0.01029EPSS
Exploits0References14
Rapid7 Blog
Rapid7 Blog
added 2026/06/05 5:1 p.m.15 views

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

When Open Source is a bit too Open Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs' RCE that allows an attacker to execute commands by naming their branch --exec and requesting a rebase. Another useful...

8.8CVSS7.5AI score0.96666EPSS
Exploits13
Metasploit
Metasploit
added 2026/06/03 7:1 p.m.287 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2026/06/03 12:0 a.m.111 views

📄 Gogs Git Rebase Argument Injection / Remote Code Execution

This Metasploit module exploits an argument injection vulnerability in the pull request merge flow of Gogs versions less than or equal to 0.14.2 and less than or equal to 0.15.0+dev. frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source:...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/28 5:24 p.m.31 views

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/28 4:35 p.m.90 views

gogs-rce

Gogs RCE — Argument Injection in git rebase CWE-88 Authen...

6.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/05/28 12:0 p.m.140 views

CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)

Overview Rapid7 Labs discovered a critical argument injection CWE-88 vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. The vulnerability, scored as CVSSv3.1 9.9 Critical, allows any authenticated user to achieve remote code execution RCE on the serve...

9.9CVSS7.4AI score0.01029EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Fedora 43 : rsync (2026-d4d8ae2bdc)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d4d8ae2bdc advisory. Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but ...

7.8CVSS5.8AI score0.00393EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.12 views

Oracle Linux 8 : nginx:1.24 (ELSA-2026-6907)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6907 advisory. - Resolves: RHEL-157877 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves:...

8.8CVSS7.6AI score0.99999EPSS
Exploits29References5
Rows per page
Query Builder